PassportRequireADMapping Metabase Property

Applies To: Windows Server 2003, Windows Server 2003 with SP1

The PassportRequireADMapping property specifies how IIS handles Microsoft .NET Passport authentication and Active Directory mapping.

By default, IISĀ 6.0 with .NET Passport authentication enabled tries to map the .NET Passport user to an account in Active Directory. This default behavior can create performance overhead for sites that do not accept .NET Passport Active Directory mapping. The mapping behavior can be controlled by the PassportRequireADMapping flag. The flag values are:

  • PassportRequireADMapping set to 0: IIS does not attempt Active Directory mapping. The request is handled as Anonymous User.

  • PassportRequireADMapping set to 1 (default setting): In this situation, the worker process must have TCB privileges (meaning, the worker process acts as part of the operating system). IIS then attempts to map to an Active Directory account (called LsaLogonUser). If this attempt fails, the request is handled as Anonymous User.

  • PassportRequireADMapping set to 2: IIS enforces a mapping from the .NET Passport account to an Active Directory account before returning the requested Web page. If the mapping fails, IIS returns a 401 error.

For more information, see Setting Up .NET Passport in IIS 6.0. Also, the AuthFlags Metabase Property contains the available settings for Windows authentication schemes and the file access authentication flags.

Attribute Name Attribute Value

XML Data Type

DWORD

WMI Data Type

SINT32

ADSI Data Type

DWORD

ABO Data Type

DWORD

ABO Metabase Identifier

MD_PASSPORT_REQUIRE_AD_MAPPING

Attributes

INHERIT

Default Value

1

MetaFlagsEx

CACHE_PROPERTY_MODIFIED

User Type

IIS_MD_UT_FILE

ID

6052

Configurable Locations

You can configure this property at the following locations in the IIS metabase.

Metabase Path IIS Admin Object Type

/LM/W3SVC/n/ROOT /LM/W3SVC/n/ROOT/virtual_directory_name

IIsWebVirtualDir

/LM/W3SVC/n

IIsWebServer

/LM/W3SVC

IIsWebService

/LM/W3SVC/n/ROOT/file_name /LM/W3SVC/n/ROOT/virtual_directory_name/file_name

IIsWebFile

/LM/W3SVC/n/ROOT/physical_directory_name /LM/W3SVC/n/virtual_directory_name/physical_directory_name

IIsWebDirectory

Code Example

For general code examples, see Code Examples to Configure Metabase Properties.